Network Security Fundamentals Midterm Exam
Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document?
Apple uses file-based encryption to offer a higher level of security.
Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. Which would be the best solution?
Arduino
Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?
As computers become more powerful, the ability to compute factoring has increased.
Which of the following is NOT a characteristic of a penetration test?
Automated
Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend?
Automated Indicator Sharing (AIS)
Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint?
Availability
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers
Which group is responsible for the Cloud Controls Matrix?
CSA
In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?
CYOD
Which of these is NOT a characteristic of a secure hash algorithm?
Collisions should occur no more than 15 percent of the time.
Which of the following ensures that only authorized parties can view protected information?
Confidentiality
Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luca reports back that he was unable to find anything due to how looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web?
Dark web search engines are identical to regular search engines.
Which of the following is not to be decrypted but is only used for comparison purposes?
Digest
Which boot security mode sends information on the boot process to a remote server?
Measured Boot
What allows a device to be managed remotely?
Mobile device management (MDM)
Which of the following is not a reason why a legacy platform has not been updated?
No compelling reason for any updates
Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?
Nonrepudiation
Which of the following is not a recognized attack vector?
On-prem
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope
What prevents a mobile device from being used until the user enters the correct passcode?
Screen lock
Which of the following groups have the lowest level of technical knowledge?
Script kiddies
Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.
Which of the following is not true regarding security?
Security is a war that must be won at all costs.
Which stage conducts a test that will verify the code functions as intended?
Staging stage
Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?
Verify the receiver
Which model uses a sequential design process?
Waterfall model
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers
Which of these is a list of preapproved applications?
Whitelist
Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates?
Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks.
What are public key systems that generate different random public keys for each session?
perfect forward secrecy
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.
through products, people, and procedures on the devices that store, manipulate, and transmit the information
What are the two limitations of private information sharing centers?
Access to data and participation
What is another name for footprinting?
Active reconnaissance
Which of these is the strongest symmetric cryptographic algorithm?
Advanced Encryption Standard
Which tool is most commonly associated with state actors?
Advanced Persistent Threat (APT)
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
Alice's public key
Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?
Downgrade attack
What type of analysis is heuristic monitoring based on?
Dynamic analysis
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?
Fame
What enforces the location in which an app can function by tracking the location of the mobile device?
Geofencing
What is the process of identifying the geographical location of a mobile device?
Geolocation
Which of the following tries to detect and stop an attack?
HIPS
Which of these provides cryptographic services and is external to the device?
Hardware Security Module (HSM)
Which ISO contains controls for managing and controlling risk?
ISO 31000
Which of the following is not something that a SIEM can perform?
Incident response
Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it?
Integrity
Which of the following is FALSE about "security through obscurity"?
It can only provide limited security.
Which of the following is FALSE about a quarantine process?
It holds a suspicious application until the user gives approval.
Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?
It includes a pseudorandom number generator (PRNG).
What is the advantage of a secure cookie?
It is sent to the server over HTTPS.
What does containerization do?
It separates personal data from corporate data.
An IOC occurs when what metric exceeds its normal bounds?
KRI
Which of these is NOT a security feature for locating a lost or stolen mobile device?
Last known good configuration
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive
What does Windows 10 Tamper Protection do?
Limits access to the registry
Which tool manages the distribution and control of apps?
MAM
Which of the following is not used to describe those who attack computer systems?
Malicious agent
Which of the following is a standard for the handling of customer card information?
PCI DSS
Which of these is considered the strongest type of passcode to use on a mobile device?
Password
Which of the following is not an issue with patching?
Patches address zero-day vulnerabilities
What is data called that is to be encrypted by inputting it into a cryptographic algorithm?
Plaintext
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning
What are the two concerns about using public information sharing centers?
Privacy and speed
Which of the following is false about the CompTIA Security+ certification?
Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
Which of these is used to send SMS text messages to selected users or groups of users?
Push notification services
Which of the following technologies can convert a texting app into a live chat platform?
RCS
Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?
ROT13
Which type of OS is typically found on an embedded system?
RTOS
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations
Which is the final rule of engagement that would be conducted in a pen test?
Reporting
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)
Which of the following is NOT an important OS security configuration?
Restricting patch management
Which of these is NOT a basic security protection for information that cryptography can provide?
Risk
Banko's sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called?
Rooting
Which of the following is NOT a symmetric cryptographic algorithm?
SHA
Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?
SHA3-512
Which of the following can automate an incident response?
SOAR
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
Security manager
Which of the following groups use Advanced Persistent Threats?
State actors
Which of the following hides the existence of information?
Steganography
Which of the following is not an improvement of UEFI over BIOS?
Support of USB 3.0
What is the term used to describe the connectivity between an organization and a third party?
System integration
Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS?
TAXII
Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?
TLP
What is low latency?
The time between when a byte is input into a cryptographic cipher and when the output is obtained.
Which of the following is NOT a limitation of a threat map?
They can be difficult to visualize.
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
They would have to stay overnight to perform the test.
How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.
Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network.
What is an objective of state-sponsored attackers?
To spy on citizens
Which of the following is NOT a context-aware authentication?
Trusted contacts
Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
What is a collision?
Two files produce the same digest.
Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications, and content. Which tool would be the best solution?
UEM
Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked Enki's advice regarding its. Which of the following would Enki NOT tell him?
USB OTG is only available for connecting Android devices to a subnotebook.
Which of the following is NOT an advantage to an automated patch update service?
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
